Wednesday, March 02, 2005

On Computer Crime

Computer crimes have been in the news a lot recently. By “computer crime”, I do not mean things like downloading a song off of eMule. When I say “computer crime” I mean “any action that deprives somebody of the use of their computer or data without their consent”. An example of this is the Blaster worm. The Blaster worm exploits a vulnerability in the Microsoft Windows operating system. It caused $1.2 million in damage. The author of a variant of the Blaster worm got, for causing $1.2 million in damage, 18 months in prison: a year and a half in minimum security prison for causing $1.2 million in damage! To me, this shows that society must take computer crimes much more seriously than we do now.

The focus of some in the technology community is not on the government to punish these cybervandals, but rather on the users to secure their machines. This is wrong, for several reasons. As usability expert Jakob Nielsen points out in an article on this subject, this sort of attitude is akin to the Wild West, where the answer to crime was that everyone carried a gun. This approach has been abandoned in favor of professional police forces to deal with criminals. So should it be with computer crimes. If somebody steals everything in your apartment, that person is fully criminally liable for his actions. It doesn’t matter if the door was unlocked or not. Nor should the level of security matter when it comes to tracking down and punishing computer criminals. Furthermore, it is impossible to fully secure one’s computer against cybervandals. Every day, new vulnerabilities are discovered. Even Fortune 500 companies that spend millions on IT have trouble keeping up with them. It would be as if you had to secure your home against Al Qaeda’s best break-in team. Of course, people are not expected to do that with their homes. Neither should people be expected to secure their computers against the world’s most experienced hackers.

Society must get serious about computer crime.
I propose that if anybody deprives somebody of the use of their computer or data, it should be considered a theft, and dealt with accordingly. The federal penalty for theft is found in US Code Title 18, Part I, Chapter 103, § 2111: “Whoever, within the special maritime and territorial jurisdiction of the United States, by force and violence, or by intimidation, takes or attempts to take from the person or presence of another anything of value, shall be imprisoned not more than fifteen years.” In other words, the penalty is up to 15 years in prison. I suggest we apply this to computer crimes. Sending worm and virus writers to federal prison (this would be a federal matter, because it would cross state lines), and to maximum security prison, not “Club Fed”, would send a strong message to cybervandals that their actions will not be excused or tolerated.